WHOIS shows my info despite redaction on at registration time
I recently purchased a new domain and registered it directly through Cloudflare. I had the privacy and redaction feature enabled at the time. Now, I'm getting spam email and many WHOIS sites show my private information.
23 Replies
I had the privacy and redaction feature enabled at the timeIt's not a feature that you can enable on checkout, Cloudflare just has redaction on by default. What's the extension? Some like
us force registrants to show their infoThe TLD is
.ai. I've had no such issue with my .io domain name. GoDaddy is showing redacted for the domain, but ICANN isn't.
I would imagine this might be something I need to contact ICANN about? https://www.icann.org/complaints-officeWhat's the domain if you don't mind sharing (can dm if you want), Cloudflare does only redaction and not whois privacy, and different Registries have different policies, but should just be country/state usually
idk what they would do
Hmm actually ICANN is showing accurately now. It's who.is that isn't.
Do you have whois privacy enabled under Domain Registration -> Manage Domains -> Manage -> configuration?
I wonder if sites scraped it in the brief window before redaction was enabled.
I think it's more that some websites are being nice and are censoring, I see it all via
whois util.
In terms of what you can do, you could try disabing/re-enabling that, and then Registrar Ticket
I was trying to find the policies of ai on redaction, they all say different things can be redacted, although still shouldn't show everythingOk I toggled WHOIS Privacy off and on again. How long would you estimate propagation to take, day or two?
Not something I've paid too much attention to, with com/net usually it's minutes. Could be longer with
.ai but I wouldn't expect more then a few hours or so
I'd make a registrar ticket regardless as it shouldn't have happened / something they should look into, even if that does fix it
when you make ticket, please give ticket #, can escalate01385327
Trying to check status refers me here with a database insert failure parameter:
https://developers.cloudflare.com/support/account-management-billing/cannot-locate-dashboard-account/?ErrorCode=41&ErrorDescription=Execution+error&ErrorDetails=DML%3AInsert+failed.+First+exception+on+row+0%3B+first+error%3A+UNKNOWN_EXCEPTION%2C+portal+account+owner+must+have+a+role%3A+%5B%5D
when they respond you'll get an email
you could make a ticket about dashboard access too though (instructions on that page), you have a paid service, just an annoying issue that's been around since they switched help desk services
Ok. My support ticket about support tickets is 01385341. Thank you for your help!
Thanks, I raised that one, wonder if it's a broader quirk with
.ai since they just added them. Cloudflare's rdap tool https://rdap.cloudflareregistrar.com/ui/index.html does show it censored, at least now, but not ai's whois serverGotcha. Thank you again for the link to the official one.
There aren't by chance published SLAs for paid support?
Only Enterprise gets SLAs or SLOs for tickets
One of the other community champs (James) did buy an ai domain (ouch) to replicate this, and so far they replied with
Quick update from the team is that this is expected behavior as the .ai TLD does not censor this info, and they'll take steps to make that clear when registering .ai domains similar to what we currently do for .us.So I guess difference between redaction and full whois privacy. Hoping for some proper communication from the Registrar team to affected users. In the short term, I would consider changing the info on there like your phone/email etc to non-personal or virtual numbers. Your ticket is still escalated though, this is separate from that
Ah ok. I'll likely forego the domain if .ai has the same caveat as .us so thank you for the update! I'll cancel those tickets once I get access to the portal.
Extra questions on this:
- Are registrars like PorkBun, NameCheap, NameSilo, Proxy LLC, etc. in violation considering this domain is privatized by them per the official .ai WHOIS (http://whois.nic.ai/) and using Cloudflare name servers? This seems to contradict James' update and implies the issue may reside with Cloudflare:
-
websim.ai
- copy.ai
- guides.ai
- notion.ai
- character.ai
- jasper.ai
- I imagine the no refund policy is still in effect for registering this domain for two years despite there being an option to enable WHOIS privacy during registration and seemingly being a feature other registrars can provide?
- Is there a definitive source of truth for which TLDs are compatible with WHOIS privacy, or a list of sources per TLD? The policies page seems to be outdated: https://www.cloudflare.com/tld-policies
I've re-registered the domain with PorkBun and the domain WHOIS is now private per the official .ai WHOIS (http://whois.nic.ai/)Are registrars like PorkBun, NameCheap, NameSilo, Proxy LLC, etc. in violation considering this domain is privatized by them per the official .ai WHOIS (http://whois.nic.ai/) and using Cloudflare name servers?It's the difference between Whois Redaction and full whois privacy. Whois privacy is a service which they replace your details with theirs. Redaction (which is what Cloudflare uses) simply doesn't send info. For
com this is just the difference between only showing Country and State (redaction) vs replacing those too (privacy) but different TLDs have different rules
I imagine the no refund policy is still in effect for registering this domain for two years despite there being an option to enable WHOIS privacy during registration and seemingly being a feature other registrars can provide?I'd push that with support once they respond to you, they should do something, obviously not right for them to claim that it would be redacted repeatedly during the checkout process and then it's just not...
Is there a definitive source of truth for which TLDs are compatible with WHOIS privacy, or a list of sources per TLD? The policies page seems to be outdated: https://www.cloudflare.com/tld-policiesNot as far as I am aware of
It's the difference between Whois Redaction and full whois privacyIs the MVP speaking here from 2018 mistaken in their claim that WHOIS privacy is explicitly offered by Cloudflare?: https://community.cloudflare.com/t/cloudflare-registrar-and-whois-privacy/36225
Redaction (which is what Cloudflare uses) simply doesn't send info.The TLD WHOIS wouldn't have been able to display my info at all in this case; is redaction done as an after-the-fact request that a WHOIS provider can deny or not support? This may affect whether or not I complete the transfer of other domains to this registrar.
not right for them to claim that it would be redacted repeatedly during the checkout processTrue, I'll leave these tickets open after all. Thank you again for helping me understand! I'd rather have my domains with Cloudflare but don't yet have the business revenue to support registered agent nor PO box for physical addressing.
Not as far as I am aware ofGiven the recent announcement by ICANN, is there any roadmap for sunsetting WHOIS and implementing RDAP, or for users to enable one or both?: https://www.icann.org/en/announcements/details/icann-update-launching-rdap-sunsetting-whois-27-01-2025-en I do see this little tool: https://rdap.cloudflareregistrar.com/
Is the MVP speaking here from 2018 mistaken in their claim that WHOIS privacy is explicitly offered by Cloudflare?: https://community.cloudflare.com/t/cloudflare-registrar-and-whois-privacy/36225It just gets confusing with terminology. As far as I know
whois privacy specifically refers to
"A user buys privacy from the company, who in turn replaces the user's information in the WHOIS with the information of a forwarding service"
https://en.wikipedia.org/wiki/Domain_privacy
Which is not what Cloudflare does, but it is what some registrars offer. Cloudflare simply does redaction
The TLD WHOIS wouldn't have been able to display my info at all in this case; is redaction done as an after-the-fact request that a WHOIS provider can deny or not support?True, I believed that CF was redacting and sending info to be displayed in whois (as otherwise this gets tricky with gdpr), and just implemented that somewhere on their backend and then other private info another way to the registry, but it seems more complicated then that. https://webmasters.stackexchange.com/a/63424 cites https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#privacy-proxy which indicates even with whois privacy protection, ICANN and such still get all your info for their purposes, but not too much info out there about redaction
Webmasters Stack Exchange
Can other domain registrars view non-public whois information?
If my domains are hosted at a registrar (lets take Gandi, for example) and it has privacy protection on the whois information, can another ICANN-accredited registrar (GoDaddy, for example) still vi...
Given the recent announcement by ICANN, is there any roadmap for sunsetting WHOIS and implementing RDAP, or for users to enable one or both?: https://www.icann.org/en/announcements/details/icann-update-launching-rdap-sunsetting-whois-27-01-2025-en I do see this little tool: https://rdap.cloudflareregistrar.com/This is more of a thing with the Registries and not really Registrars, you query whois.nic.ai, not Cloudflare's typically, although some tools do both. Cloudflare already supports rdap though as you see. They show the same info regardless, just different format I wouldn't expect whois to go away anytime soon, all that says is for gTLDs, RDAP will be the primary.
.ai is not a gTLD, it's a ccTLD (country code top level domain), and ccTLDs get a lot more freedomGood info. Thanks for all these clarifications. I'll stop spamming this thread now, but this all good information on how complex this is and that I'm on paths forward with Support.
A final point on gTLDs and ccTLDs, it seems there's some flex there as well as to what (maybe only monopoly-sized) orgs can choose to do, too. Google treats some ccTLDs as gTLDs: https://developers.google.com/search/docs/specialty/international/managing-multi-regional-sites#generic-domains
A final point on gTLDs and ccTLDs, it seems there's some flex there as well as to what (maybe only monopoly-sized) orgs can choose to do,I mean fundementally to a user, to dns, etc, gTLDs and ccTLDs aren't much different. That's in the search/seo context, which makes sense for them. Administratively, ICANN has way less oversight into ccTLDs, and they can do what they want in a lot of different ways.
.com, a gTLD, has restrictions on how much they can raise the price, and all gTLDs have a uniform dispute process (UDRP). ccTLDs can use whatever prricing and aren't required to use UDRP, etc. ICANN does not accredit registrars or set registration policies for ccTLDs.
It gets complicated, but the tldr is just ICANN has way less control over them and thus you also have less protections with them. All new gTLDs need to support dnssec, ICANN can tell them to support rdap, etc, not stuff that applies to ccTLDs